Scribd Logo
Upload

Welcome to Scribd!

  • Lamport'S Hash (I)

    Uploaded by

    Jyoti Bhatnagar
    20 views3 pages
    1) Lamport's hash protocol allows a user to authenticate to a server using only a password by having the user and server compute hashes of the password incrementally over multiple authentications. 2) It uses a "salt" value to allow the same password to be used on multiple servers and retains the same password when the hash counter reaches 1. 3) Issues include the server not being authenticated to the user and vulnerability to guessing the password when the hash counter is low.

    Original Description:

    Original Title

    Iss

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    1) Lamport's hash protocol allows a user to authenticate to a server using only a password by having the user and server compute hashes of the password incrementally over multiple authentications. 2) It uses a "salt" value to allow the same password to be used on multiple servers and retains the same password when the hash counter reaches 1. 3) Issues include the server not being authenticated to the user and vulnerability to guessing the password when the hash counter is low.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    20 views3 pages

    Lamport'S Hash (I)

    Uploaded by

    Jyoti Bhatnagar
    1) Lamport's hash protocol allows a user to authenticate to a server using only a password by having the user and server compute hashes of the password incrementally over multiple authentications. 2) It uses a "salt" value to allow the same password to be used on multiple servers and retains the same password when the hash counter reaches 1. 3) Issues include the server not being authenticated to the user and vulnerability to guessing the password when the hash counter is low.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    LAMPORTS HASH (I) STRONG PASSWORD PROTOCOLS

    Lamports Hash, EKE, SPEKE, PDM Server B authenticates user A A has only a password and As workstation has no private key Secure against eavesdropping and attacks on Bs database

    LAMPORTS HASH (II)


    A chooses a password and a number n ( 1000) A computes hashn (password) For each user B stores - username (transmitted by A) - integer n decremented after each authentication n - hash (password)

    LAMPORTS HASH (III)


    A, password A A As workstation n
    n-1

    B (password)

    x = hash
    n

    Initially B knows n and hash (password) On receipt of x, it hashes x and compares result to hash (password) n If equal, B replaces hash (password), n with x, n-1

    LAMPORTS HASH (IV)


    May enhance with salt A chooses salt and sends to B together with n and hash n (password salt) B sends (n, salt) to A on request Allows A to use same password on multiple servers Allows A to retain same password when n=1

    LAMPORTs HASH - ISSUES


    Unless salt is used reinstall password when n = 1 B is not authenticated by A Vulnerable to small n attack May employ without workstation software (i.e. user is provided with table of n hash (password) and n)

    Encrypted Key Exchange (EKE)


    Uses weak secret derived from password Protects against dictionary attack Multiple incorrect guesses should raise alarm
    A

    EKE (II)
    share weak secret W = f (password) A, EW (g mod p) EW (gb mod p, C1) K = g mod p EK (C , C )
    1 2 ab a

    EK (C2 )

    Simple Password Exponential Key Exchange (SPEKE)


    Uses weak secret W in place of g in Diffie Hellman exchange in EKE Exchanges W mod p and W mod p Agreed key is K = W mod p
    ab a b

    Password Derived Moduli (PDM)


    Modulus p = f (password) g=2 Agreed key K = 2 mod p
    ab

    Secure Remote Password (SRP)


    A, ga mod p g + g
    A
    b W

    SRP Details
    A computes W from password B stores g W mod p and associates with A g and p are fixed for the system a and b are chosen by A, B respectively challenges c1 and c2 are chosen by A, B respectively B additionally chooses a 32-bit number u SRP is documented in RFC 2945 and is common in IETF protocols

    mod p, u, c1
    B

    K = g b(a + uW) mod p E (c 1 ), c2 E (c2 )

    You might also like